For this scenario, the client will not have an interactive user, and will authenticate
using the so called client secret with IdentityServer.
Add the following code to your Config.cs file:

publicstaticIEnumerable<Client>GetClients(){returnnewList<Client>{newClient{ClientId="client",// no interactive user, use the clientid/secret for authenticationAllowedGrantTypes=GrantTypes.ClientCredentials,// secret for authenticationClientSecrets={newSecret("secret".Sha256())},// scopes that client has access toAllowedScopes={"api1"}}};}

To configure IdentityServer to use your scopes and client definition, you need to add code
to the ConfigureServices method.
You can use convenient extension methods for that -
under the covers these add the relevant stores and data into the DI system:

That’s it - if you run the server and navigate the browser to
http://localhost:5000/.well-known/openid-configuration, you should see the so-called
discovery document.
This will be used by your clients and APIs to download the necessary configuration data.

You can use the ASP.NET Core Web API template.
Again, we recommend you take control over the ports and use the same technique as you used
to configure Kestrel and the launch profile as before.
This walkthrough assumes you have configured your API to run on http://localhost:5001.

AddAuthentication adds the authentication services to DI and configures "Bearer" as the default scheme.
AddIdentityServerAuthentication adds the IdentityServer access token validation handler into DI for use by the authentication services.
UseAuthentication adds the authentication middleware to the pipeline so authentication will be performed automatically on every call into the host.

If you use the browser to navigate to the controller (http://localhost:5001/identity),
you should get a 401 status code in return. This means your API requires a credential.

The last step is to write a client that requests an access token, and then uses this
token to access the API. For that, add a console project to your solution (see full code here).

The token endpoint at IdentityServer implements the OAuth 2.0 protocol, and you could use
raw HTTP to access it. However, we have a client library called IdentityModel, that
encapsulates the protocol interaction in an easy to use API.

Add the IdentityModel NuGet package to your application.

IdentityModel includes a client library to use with the discovery endpoint.
This way you only need to know the base-address of IdentityServer - the actual
endpoint addresses can be read from the metadata: